[strongSwan-dev] strongSwan RSA signature vulnerability

Yaron Sheffer yaronf.ietf at gmail.com
Thu May 31 17:43:00 CEST 2012

Hi Martin,

Please clarify: is the "gmp" plugin used for this purpose by default, 
e.g. when no specific plugins are specified in strongswan.conf?


On 05/31/2012 06:23 PM, Martin Willi wrote:
> We have been informed about a security vulnerability in
> strongSwan. If the strongSwan "gmp" plugin is used for RSA signature
> verification, an empty or zeroed signature is handled as a legitimate
> one. CVE-2012-2388 has been reserved for this vulnerability.
>
> To exploit the vulnerability, a connection definition using RSA
> authentication is required. An attacker presenting a forged signature
> and/or certificate can authenticate as any legitimate user. strongSwan
> versions back to 4.2.0 and up to 4.6.3 are affected, using both IKEv1 and
> IKEv2. Injecting code is not possible by such an attack.
>
> The patch at [1] fixes the vulnerability and should apply to all
> affected versions. Please update your installations as soon as possible.
> strongSwan 4.6.4 including the fix is available at [2], the release
> announcement will follow soon.
>
> Our apologies for having such a serious vulnerability in the strongSwan
> codebase.
>
> Kind Regards
> Martin
>
> [1] http://download.strongswan.org/patches/09_gmp_rsa_signature_patch/strongswan-4.2.0-4.6.3_gmp_rsa_signature.patch
> [2] http://download.strongswan.org/strongswan-4.6.4.tar.bz2
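Added example, not part of the original thread and not strongSwan's code or its patch: a sanity check a verifier can run on an RSA signature buffer before the public-key operation, so that the empty and zeroed inputs named in the advisory are rejected outright. The function name, result codes and sample bytes are constructed for illustration; buffers are assumed big-endian and the modulus is assumed to have no leading zero bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
typedef enum { SIG_OK, SIG_EMPTY, SIG_BAD_LENGTH, SIG_ZERO, SIG_OUT_OF_RANGE } sig_check_t;

/* Constructed sample values (a real modulus is 256 bytes or more). */
const uint8_t SAMPLE_MOD[4]  = { 0xC5, 0x3A, 0x91, 0x07 };
const uint8_t SAMPLE_ZERO[4] = { 0x00, 0x00, 0x00, 0x00 };
const uint8_t SAMPLE_OK[4]   = { 0x12, 0x34, 0x56, 0x78 };
const uint8_t SAMPLE_BIG[4]  = { 0xC5, 0x3A, 0x91, 0x08 };

/* Pre-checks only: SIG_OK means "proceed to the RSA operation and the full
 * padding/digest comparison", never "signature valid". The length and range
 * checks follow RFC 8017; the empty and all-zero rejections are extra guards.
 * The RSA public operation maps 0 to 0 for every key, so a zeroed signature
 * always yields a zeroed block that must never compare as a match. */
sig_check_t rsa_sig_precheck(const uint8_t *sig, size_t sig_len,
                             const uint8_t *mod, size_t mod_len)
{
    uint8_t acc = 0;
    size_t i;

    if (sig == NULL || sig_len == 0)
        return SIG_EMPTY;
    if (mod == NULL || sig_len != mod_len)
        return SIG_BAD_LENGTH;          /* must be exactly modulus length */
    for (i = 0; i < sig_len; i++)
        acc |= sig[i];
    if (acc == 0)
        return SIG_ZERO;
    for (i = 0; i < sig_len; i++) {     /* big-endian compare: need sig < mod */
        if (sig[i] < mod[i])
            return SIG_OK;
        if (sig[i] > mod[i])
            return SIG_OUT_OF_RANGE;
    }
    return SIG_OUT_OF_RANGE;            /* sig == mod */
}

int main(void)
{
    int zero_rejected = rsa_sig_precheck(SAMPLE_ZERO, 4, SAMPLE_MOD, 4) == SIG_ZERO;
    int ok_passes = rsa_sig_precheck(SAMPLE_OK, 4, SAMPLE_MOD, 4) == SIG_OK;

    puts(zero_rejected && ok_passes ? "precheck behaves as expected" : "precheck FAILED");
    return (zero_rejected && ok_passes) ? 0 : 1;
}
```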